+ "Denial of service" attacks are not solved with Kerberos. There
are places in these protocols where an intruder intruder can
prevent an application from participating in the proper
authentication steps. Detection and solution of such attacks
(some of which can appear to be not-uncommon "normal" failure
modes for the system) is usually best left to the human
administrators and users.

It should say:

+ "Denial of service" attacks are not solved with Kerberos. There
are places in these protocols where an intruder can
prevent an application from participating in the proper
authentication steps. Detection and solution of such attacks
(some of which can appear to be not-uncommon "normal" failure
modes for the system) is usually best left to the human
administrators and users.

Notes:

Intruder appeared twice.

While that certainly can happen in practice, I don't think the author meant to allude to that possibility. :)
--VERIFIER NOTES--
Already fixed in 4120 which obsoletes this.